CVE-2010-2481

Name of the Vulnerable Software and Affected Versions LibTIFF versions prior to 3.9.4 tiff versions prior to 4.0.2-r1

Description The issue concerns the TIFFExtractData macro in LibTIFF, which does not properly handle unknown tag types in TIFF directory entries. This can be exploited by remote attackers using a crafted TIFF file, potentially leading to a denial of service (out-of-bounds read and application crash). The exploitation of these vulnerabilities may compromise the confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 3.9.4, update LibTIFF to version 3.9.4 or later to resolve the issue. For tiff versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later to fix the vulnerabilities. As a temporary workaround, consider restricting the use of the TIFFExtractData macro until a patch is available.